Index: usr_sbin_lpd =================================================================== RCS file: /home/cvs/src/etc/systrace/usr_sbin_lpd,v retrieving revision 1.9 diff -u -p -u -p -r1.9 usr_sbin_lpd --- usr_sbin_lpd 13 Sep 2015 17:08:04 -0000 1.9 +++ usr_sbin_lpd 28 Mar 2016 14:11:40 -0000 @@ -12,7 +12,9 @@ Policy: /usr/sbin/lpd, Emulation: native native-chdir: permit native-chmod: filename eq "/var/run/printer" then permit native-chown: filename eq "/var/run/printer" then permit + native-clock_gettime: permit native-close: permit + native-connect: sockaddr eq "/var/run/printer" then permit native-connect: sockaddr match "inet-*:53" then permit native-connect: sockaddr sub ":515" then permit native-dup2: permit @@ -30,6 +32,7 @@ Policy: /usr/sbin/lpd, Emulation: native native-fsread: filename eq "/etc/spwd.db" then deny[eperm] native-fsread: filename eq "/usr/libexec/ld.so" then permit native-fsread: filename eq "/var/run/ld.so.hints" then permit + native-fsread: filename eq "/var/run/ypbind.lock" then permit native-fsread: filename eq "<non-existent filename>" then deny[enoent] native-fsread: filename match "/usr/lib" then permit native-fsread: filename match "/usr/share/nls" then permit
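Review bot: in the first hunk (@@ -12,7 +12,9 @@), the new native-connect rule for "/var/run/printer" comes with no explanation of which lpd operation connects to that socket; the message only says the calls are missing. Please state how each denial was observed so the additions can be judged against least privilege. The eq match on the exact path is the right form and is narrower than the existing sub ":515" rule two lines below it. The unconditional native-clock_gettime: permit is consistent with how the other argument-less calls in this hunk (native-close, native-dup2) are handled.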
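Review bot: in the second hunk (@@ -30,6 +32,7 @@), permitting fsread of "/var/run/ypbind.lock" covers only the read of the lock file itself; nothing in the patch shows what the policy allows for whatever lpd does next when that file exists. Please confirm the policy was exercised on a host where the lock file is present, and either add any further rules that run needs in this same change or say in the message that only the lock-file read was observed. The eq match and the placement ahead of the "<non-existent filename>" deny[enoent] line look correct.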
Probably going to be obsolete once lpd gets pledged, but as it stands,
the lpd systrace policy is missing these system calls.